uvm_fault(0xfffffd806bc0abb0, 0xcd77c888f7, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd806bc0abb0, 0xcd77c888f7, 0, 1) -> e pool_do_put(ffffffff827deb38,fffffd805b80ec00) at pool_do_put+0x12e sys/kern/subr_pool.c:836 end trace frame: 0xffff80001e7b90b0, count: 0 ddb> trace pool_do_put(ffffffff827deb38,fffffd805b80ec00) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff827deb38,fffffd805b80ec00) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd805b80ec00) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000b39000,800100,ffff800000b39040,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000b39000,ffff800000ac2800) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000ac2800,ffff80001e7b9610,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001e7b9610,ffff800000ac2800) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd805da6aaf8,8080691a,ffff80001e7b9610,ffff80001d718870) at ifioctl+0xe60 sys/net/if.c:2282 sys_ioctl(ffff80001d718870,ffff80001e7b9728,ffff80001e7b9770) at sys_ioctl+0x4a1 syscall(ffff80001e7b97f0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7827eb50890, count: -11 ddb> show registers rdi 0xffffffff82036e55 pool_do_put+0x125 rsi 0x17f rbp 0xffff80001e7b9060 rbx 0xcd77c888ef rdx 0x180 rcx 0xffff80001d799000 rax 0xffff80001d799000 r8 0x4 r9 0x5 r10 0x1cf5ed7ce36477b1 r11 0x1fef7bf69ffec747 r12 0xfffffd805b80ec00 r13 0xc3a4d7cd77c888ef r14 0xffffffff827deb38 mbpool r15 0xfffffd8062fbf9c8 rip 0xffffffff82036e5e pool_do_put+0x12e cs 0x8 rflags 0x10296 __ALIGN_SIZE+0xf296 rsp 0xffff80001e7b8fb0 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.1) pid=502552 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=74, nice=20 forw=0xffffffffffffffff, list=0xffff80001d6a9278,0xffffffff82836348 process=0xffff8000ffffb208 user=0xffff80001e7b4000, vmspace=0xfffffd806bc0abb0 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 25528 215765 8483 0 2 0 syz-executor.1 *25528 502552 8483 0 7 0x4000000 syz-executor.1 51224 181873 28110 0 2 0 syz-executor.0 51224 438675 28110 0 3 0x4000080 ttyout syz-executor.0 10264 81018 0 0 3 0x14200 acct acct 41747 384621 0 0 3 0x14200 bored sosplice 28110 81068 41388 0 3 0x82 nanosleep syz-executor.0 8483 393506 41388 0 3 0x82 nanosleep syz-executor.1 41388 118870 81271 0 3 0x82 thrsleep syz-fuzzer 41388 373011 81271 0 3 0x4000082 thrsleep syz-fuzzer 41388 132230 81271 0 3 0x4000082 kqread syz-fuzzer 41388 95489 81271 0 3 0x4000082 thrsleep syz-fuzzer 41388 520458 81271 0 3 0x4000082 thrsleep syz-fuzzer 41388 473582 81271 0 3 0x4000082 thrsleep syz-fuzzer 41388 138065 81271 0 3 0x4000082 thrsleep syz-fuzzer 81271 339379 25895 0 3 0x10008a pause ksh 25895 221404 82365 0 3 0x92 select sshd 20592 273858 1 0 3 0x100083 ttyin getty 82365 494273 1 0 3 0x80 select sshd 92833 454141 75577 73 3 0x100090 kqread syslogd 75577 102939 1 0 3 0x100082 netio syslogd 6975 276705 1 77 3 0x100090 poll dhclient 78490 299025 1 0 3 0x80 poll dhclient 33045 66422 0 0 3 0x14200 bored smr 40259 134486 0 0 2 0x14200 zerothread 32984 449794 0 0 3 0x14200 aiodoned aiodoned 18775 481685 0 0 3 0x14200 syncer update 26226 161867 0 0 3 0x14200 cleaner cleaner 423 146997 0 0 3 0x14200 reaper reaper 19827 449449 0 0 3 0x14200 pgdaemon pagedaemon 76959 455832 0 0 3 0x14200 bored crynlk 94618 160001 0 0 3 0x14200 bored crypto 86211 267058 0 0 3 0x40014200 acpi0 acpi0 93554 32543 0 0 3 0x14200 bored softnet 46872 315587 0 0 3 0x14200 bored systqmp 15941 70415 0 0 3 0x14200 bored systq 58656 265837 0 0 3 0x40014200 bored softclock 142 299204 0 0 3 0x40014200 idle0 1 509039 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9474 6333K 6592K 78643K 10906 0 pcb 13 8K 8K 78643K 75 0 rtable 114 5K 9K 78643K 419 0 ifaddr 65 14K 14K 78643K 130 0 sysctl 2 0K 0K 78643K 2 0 counters 21 16K 16K 78643K 25 0 ioctlops 0 0K 4K 78643K 67 0 iov 0 0K 12K 78643K 36 0 mount 1 1K 1K 78643K 1 0 vnodes 1220 77K 77K 78643K 1359 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 7 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 60 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 6 17K 25K 78643K 265 0 sigio 0 0K 0K 78643K 4 0 proc 49 38K 54K 78643K 387 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 17 0 in_multi 48 2K 2K 78643K 76 0 ether_multi 1 0K 0K 78643K 7 0 mrt 0 0K 0K 78643K 6 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 43 201K 201K 78643K 43 0 exec 0 0K 1K 78643K 219 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 131 23K 24K 78643K 1459 0 UVM aobj 16 2K 2K 78643K 16 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 56 0 NDP 8 0K 0K 78643K 17 0 temp 94 3846K 3910K 78643K 11218 0 kqueue 3 4K 12K 78643K 19 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 8 0 1 1 0 1 1 0 8 0 rtpcb 80 43 0 41 1 0 1 1 0 8 0 rtentry 112 59 0 15 2 0 2 2 0 8 0 unpcb 120 97 0 89 1 0 1 1 0 8 0 syncache 264 10 0 10 2 1 1 1 0 8 1 tcpqe 32 210 0 210 1 1 0 1 0 8 0 tcpcb 544 116 0 112 1 0 1 1 0 8 0 ipq 40 5 0 5 1 0 1 1 0 8 1 ipqe 40 53 0 53 1 0 1 1 0 8 1 inpcb 296 669 0 659 2 0 2 2 0 8 1 rttmr 72 2 0 2 1 1 0 1 0 8 0 nd6 48 7 0 3 1 0 1 1 0 8 0 pfstscr 40 1 0 0 1 0 1 1 0 8 0 pfrke_plain 160 8 0 8 1 0 1 1 0 8 1 pfrktable 1344 74 0 70 2 0 2 2 0 8 1 pftag 88 10 0 8 1 0 1 1 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 112 2 0 0 1 0 1 1 0 8 0 pfstate 328 1 0 0 1 0 1 1 0 8 0 pfrule 1360 19 0 15 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 228 0 43 13 0 13 13 0 8 0 art_table 32 229 0 43 2 0 2 2 0 8 0 art_node 16 58 0 17 1 0 1 1 0 8 0 sysvmsgpl 40 10 0 4 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 56 0 46 1 0 1 1 0 8 0 shmpl 112 14 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1766 0 370 88 0 88 88 0 8 0 ffsino 240 1766 0 370 83 0 83 83 0 8 0 nchpl 144 2316 0 713 60 0 60 60 0 8 0 rtmask 32 16 0 16 1 0 1 1 0 8 1 uvmvnodes 72 1893 0 0 35 0 35 35 0 8 0 vnodes 208 1893 0 0 100 0 100 100 0 8 0 namei 1024 6221 0 6221 1 0 1 1 0 8 1 vmpool 528 2 0 2 1 0 1 1 0 8 1 pfiaddrpl 120 22 0 20 1 0 1 1 0 8 0 scxspl 192 6594 0 6594 1 0 1 1 0 8 1 plimitpl 152 28 0 21 1 0 1 1 0 8 0 sigapl 424 453 0 422 4 0 4 4 0 8 0 futexpl 56 5632 0 5632 1 0 1 1 0 8 1 knotepl 112 83 0 64 1 0 1 1 0 8 0 kqueuepl 144 43 0 41 1 0 1 1 0 8 0 pipelkpl 16 99 0 89 1 0 1 1 0 8 0 pipepl 120 198 0 179 1 0 1 1 0 8 0 fdescpl 432 437 0 422 2 0 2 2 0 8 0 filepl 120 2647 0 2547 4 0 4 4 0 8 0 lockfpl 104 60 0 59 1 0 1 1 0 8 0 lockfspl 48 23 0 22 1 0 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 19 0 9 1 0 1 1 0 8 0 ucredpl 96 244 0 237 1 0 1 1 0 8 0 zombiepl 144 422 0 422 1 0 1 1 0 8 1 processpl 920 453 0 422 4 0 4 4 0 8 0 procpl 624 744 0 705 4 0 4 4 0 8 1 sosppl 128 7 0 7 1 0 1 1 0 8 1 sockpl 400 809 0 789 4 0 4 4 0 8 2 mcl64k 65536 19 0 19 1 0 1 1 0 8 1 mcl16k 16384 1 0 1 1 0 1 1 0 8 1 mcl12k 12288 4 0 4 1 0 1 1 0 8 1 mcl9k 9216 3 0 3 1 0 1 1 0 8 1 mcl8k 8192 8 0 8 1 0 1 1 0 8 1 mcl4k 4096 27 0 27 2 1 1 1 0 8 1 mcl2k2 2112 1 0 1 1 0 1 1 0 8 1 mcl2k 2048 77382 0 77331 18 11 7 15 0 8 0 mtagpl 96 22 0 2 2 1 1 1 0 8 0 mbufpl 256 124323 0 124186 21 3 18 19 0 8 8 mbufpl: pool(0xffffffff827deb38:mbufpl): free list modified: page 0xfffffd805b80e000; item ordinal 5; addr 0xfffffd805b80ed00 (p 0xfffffd8062fbf000); offset 0x0=0x0 mbufpl: pool(0xffffffff827deb38:mbufpl): page inconsistency: page 0xfffffd805b80e000; item ordinal 6; addr 0xcd77c888ef bufpl 280 3662 0 128 253 0 253 253 0 8 0 anonpl 16 55343 0 38897 73 2 71 72 0 107 4 amapchunkpl 152 1978 0 1828 11 1 10 11 0 158 4 amappl16 192 1912 0 1018 46 0 46 46 0 8 1 amappl15 184 2 0 1 1 0 1 1 0 8 0 amappl14 176 148 0 141 1 0 1 1 0 8 0 amappl13 168 27 0 24 1 0 1 1 0 8 0 amappl12 160 126 0 124 2 1 1 1 0 8 0 amappl11 152 49 0 39 1 0 1 1 0 8 0 amappl10 144 123 0 118 1 0 1 1 0 8 0 amappl9 136 312 0 311 1 0 1 1 0 8 0 amappl8 128 330 0 288 2 0 2 2 0 8 0 amappl7 120 110 0 97 1 0 1 1 0 8 0 amappl6 112 28 0 20 1 0 1 1 0 8 0 amappl5 104 494 0 482 1 0 1 1 0 8 0 amappl4 96 429 0 399 1 0 1 1 0 8 0 amappl3 88 113 0 108 1 0 1 1 0 8 0 amappl2 80 2765 0 2690 2 0 2 2 0 8 0 amappl1 72 17540 0 17095 22 12 10 17 0 8 0 amappl 80 975 0 929 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 15 0 0 1 0 1 1 0 8 0 uaddrrnd 24 439 0 424 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 439 0 424 1 0 1 1 0 8 0 vmmpekpl 168 6764 0 6738 2 0 2 2 0 8 0 vmmpepl 168 58677 0 56575 115 10 105 111 0 357 13 vmsppl 272 438 0 424 2 1 1 2 0 8 0 pdppl 4096 884 0 848 6 1 5 6 0 8 0 pvpl 32 176686 0 157183 172 1 171 172 0 265 13 pmappl 200 438 0 424 1 0 1 1 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 253 0 19 7 0 7 7 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pool_do_put(ffffffff827deb38,fffffd805b80ec00) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff827deb38,fffffd805b80ec00) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd805b80ec00) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000b39000,800100,ffff800000b39040,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000b39000,ffff800000ac2800) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000ac2800,ffff80001e7b9610,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001e7b9610,ffff800000ac2800) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd805da6aaf8,8080691a,ffff80001e7b9610,ffff80001d718870) at ifioctl+0xe60 sys/net/if.c:2282 sys_ioctl(ffff80001d718870,ffff80001e7b9728,ffff80001e7b9770) at sys_ioctl+0x4a1 syscall(ffff80001e7b97f0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7827eb50890, count: -11 ddb> machine ddbcpu 1 No such command ddb> trace pool_do_put(ffffffff827deb38,fffffd805b80ec00) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff827deb38,fffffd805b80ec00) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd805b80ec00) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000b39000,800100,ffff800000b39040,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000b39000,ffff800000ac2800) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000ac2800,ffff80001e7b9610,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001e7b9610,ffff800000ac2800) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd805da6aaf8,8080691a,ffff80001e7b9610,ffff80001d718870) at ifioctl+0xe60 sys/net/if.c:2282 sys_ioctl(ffff80001d718870,ffff80001e7b9728,ffff80001e7b9770) at sys_ioctl+0x4a1 syscall(ffff80001e7b97f0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7827eb50890, count: -11